The growth of online commerce and other Internet services, the use of applications for accessing services requiring the entry of confidential data has taken on massive proportions. This typically occurs when a user is paying for products and services, or accessing services requiring entry of registration data. Payment with the use of banking applications is done in similar ways on PCs and mobile devices. As a result of the developments of this field, malicious software has appeared, which may steal a user's confidential data that is used for paying for products and services, and also for registering for services and resources on the Internet.
One of the ways of stealing data entered by a user is to overlay an interface of a malicious application over the interface of a legitimate web page or application through which the payment or registration is attempted. For example, a program created by a hacker may overlay a number of registration fields such that the user enters data not in the original registration field, but in the interface element provided by the hacker's program.
The antivirus industry has been called upon to protect the user against such malicious programs, and the solution to this problem may include the creation of various systems, which make it possible to track down the moment when the interface of a protected application is overplayed by the interface of a malicious program. An analysis of known solutions indicates that these solutions are unable to protect against partial overlay of the window of a protected application without affecting the window of the protected application (closing the window, changing its size, and so on) and its process (e.g., intrusion into an active process).